Mark H Weaver writes: > Leo Famulari writes: > >> On Tue, Oct 25, 2016 at 12:53:28PM -0400, Kei Kebreau wrote: >>> Fix for >>> https://blogs.gentoo.org/ago/2016/09/22/mupdf-use-after-free-in-pdf_to_num-pdf-object-c/. >> >>> From 97312c3c9e13688081aa513d1c94a9fff1274f75 Mon Sep 17 00:00:00 2001 >>> From: Kei Kebreau >>> Date: Tue, 25 Oct 2016 12:49:52 -0400 >>> Subject: [PATCH] gnu: mupdf: Fix CVE-2016-8674. >>> >>> * gnu/packages/patches/mupdf-CVE-2016-8674.patch: New file. >>> * gnu/local.mk (dist_patch_DATA): Add it. >>> * gnu/packages/pdf.scm (mupdf): Use it. >> >> Thank you, please push! > > mupdf-CVE-2016-8674.patch fails to apply: > > https://hydra.gnu.org/build/1581228/nixlog/2/tail-reload > > Kei, did you test this? > > Mark I did not. It was a bad slip up, as I tested all of the rest of my patches today. I'll be significantly more careful with future security commits. Is it frowned upon to revert that commit on its own (it's the third to last commit as I write this), or should I attempt to patch on top of it?